Security and compliance

The trust and success of our customers are our highest priority. We are committed to the highest standards of security and compliance.

Cohort Software has achieved Cyber Essentials Plus certification

Cyber Essentials Plus

Cyber Essentials Plus is the UK government-backed benchmark that helps organisations of all sizes protect themselves against the most common cyber-attacks. Cohort Software has achieved the Plus level of the scheme, which goes beyond the self-assessed basic certification by adding a technical audit carried out independently by a certification body. This confirms that the company's approach to security and its mitigation of online risks meet the scheme's requirements.

IASME Governance

The IASME Governance standard is based on international best practice, is risk-based, and covers aspects such as physical security, staff awareness and data backup. The IASME GDPR certification adds GDPR assessment elements. Achieving this certification reflects Cohort Software's commitment to implementing processes that meet the requirements of the GDPR.

ISO 27001 compliance

ISO 27001 is the international specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures covering the legal, physical and technical controls involved in an organisation's information risk management processes.


What our ISO 27001 certification covers:

  • A structured and measured set of policies and procedures governing our information security.
  • Data is encrypted appropriately.
  • Classification and approved handling procedures for all information types.
  • Ongoing surveillance audits to ensure we remain compliant between recertifications.
  • Robust business continuity plans so that the business can continue if a disaster occurs.
  • Our whole business is certified, not just a department or partner.

What it means for our clients:

  • A faster procurement process.
  • A certificate and policy set that we can share with existing clients.
  • Independent validation that we are a secure and reputable company.

Data Protection compliance

Cohort Software is committed to ensuring that our product, Cohort Software, provides a platform that enables Occupational Health Services to meet the requirements of the existing UK Data Protection Act 1998 (DPA) and the new requirements of the General Data Protection Regulation (GDPR), ahead of May 2018 and beyond. We acknowledge that there may still be questions about how the GDPR will apply in the UK after leaving the EU, but feel that this should not distract from the important task of complying with the GDPR.

We formed a Customer Steering Group in May 2017. As part of this work we have drafted a brief for a barrister's opinion from Diana Kloss, and our solution will be based upon her opinion.

Robust testing and system monitoring are part of our commitment to the highest security standards


Annual Penetration Test / IT Health Check (ITHC) Reports (NCC Group)

The main objective of penetration testing is to find security weaknesses and to show which of them an attacker could actually exploit. A pen test can also be used to test an organisation's compliance with its own security policy, its employees' security awareness, and its ability to identify and respond to security incidents.

Quarterly Vulnerability Testing

Vulnerability assessment tools discover which known vulnerabilities are present within the hosted environment and alert us to pre-existing flaws and where they are located. Because new vulnerabilities are disclosed continually, quarterly scans complement the annual penetration test by catching issues that emerge between tests.


PSN Compliance

The Public Services Network (PSN) is the UK government’s high-performance network, which helps public sector organisations work together, reduce duplication and share resources.

The PSN uses a ‘walled garden’ approach, which enables access to Internet content and shared services to be controlled. This is because the security of any one user connected to the PSN affects both the security of all other users and the network itself.


The PSN compliance process exists to provide the PSN community with:

  • Confidence the services they use over the network will work without problems.
  • Assurance that their data is protected in accordance with suppliers’ commitments.
  • The promise that if things do go wrong they can be quickly put right.

Holding a valid PSN compliance certificate gives an organisation permission to interact with the PSN in a specific, pre-agreed way.

Hosted Services

Tier 4 Ready Data Centre

A Tier 4 ready data centre is considered the most robust and least failure-prone class of facility. Tier 4 is designed to host mission-critical servers and computer systems, with fully redundant subsystems (cooling, power, network links, storage and so on) and compartmentalised security zones controlled by biometric access controls.

  • Tier 4 ready data centres offer availability above 99.95% and are considered the most secure environment in which to host software platforms and sensitive data.
  • A planned or unplanned outage of any single subsystem should not disrupt equipment.
  • All equipment must be dual-powered.
  • All maintenance, other than major work, can be performed without impact to equipment.
  • All equipment is fault-resistant, reducing the likelihood of lengthy outages.